New Koha driver setting: dontValidatePasswords (#1024)

- Can be turned on to instruct the driver to trust the VuFind authentication source over the Koha database (useful to support SAML/Shibboleth)

New Koha driver setting: dontValidatePasswords (#1024)
- Can be turned on to instruct the driver to trust the VuFind authentication source over the Koha database (useful to support SAML/Shibboleth)
5d4abebe · Jason Cooper · Demian Katz · dae65b93 · 5d4abebe · 5d4abebe
Commit 5d4abebe authored 7 years ago by Jason Cooper Committed by Demian Katz 7 years ago
--- a/config/vufind/Koha.ini
+++ b/config/vufind/Koha.ini
@@ -6,6 +6,11 @@ password    = mysqlpassword
 database    = koha
 url         = http://library.myuniversity.edu

+; If we trust our authentication source and know it to be the same as the one used by
+; koha then we can choose to not validate our patron's passwords (Useful if you are
+; using SAML/Shibboleth for authentication for both VuFind and Koha)
+dontValidatePasswords = false
+
 ; This section translates Koha's internal location codes into strings for on-screen
 ; display.  You can customize the text to your liking.
 [Location_Codes]

--- a/module/VuFind/src/VuFind/ILS/Driver/Koha.php
+++ b/module/VuFind/src/VuFind/ILS/Driver/Koha.php
@@ -97,6 +97,13 @@ class Koha extends AbstractBase
        // Location codes are defined in 'Koha.ini' file according to current
        // version (3.02)
        $this->locCodes = $this->config['Location_Codes'];
+
+        // If we are using SAML/Shibboleth for authentication for both ourselves
+        // and Koha then we can't validate the patrons passwords against Koha as
+        // they won't have one. (Double negative logic used so that if the config
+        // option isn't present in Koha.ini then ILS passwords will be validated)
+        $this->validatePasswords
+            = empty($this->config['Catalog']['dontValidatePasswords']);
    }

    /**
@@ -510,11 +517,19 @@ class Koha extends AbstractBase

        $sql = "select borrowernumber as ID, firstname as FNAME, " .
            "surname as LNAME, email as EMAIL from borrowers " .
-            "where userid = :username and password = :db_pwd";
+            "where userid = :username";
        
+        $parameters = [':username' => $username];
+
+        if ($this->validatePasswords) {
+            $sql .= " and password = :db_pwd";
+            $parameters[':db_pwd'] = $db_pwd;
+        }
+
        try {
            $sqlStmt = $this->db->prepare($sql);
-            $sqlStmt->execute([':username' => $username, ':db_pwd' => $db_pwd]);
+            $sqlStmt->execute($parameters);
+
            $row = $sqlStmt->fetch();
            if ($row) {
                // NOTE: Here, 'cat_password' => $password is used, password is